It seems OK to try to authenticate if user provides the authentication information in URI. The following patch (with the spaces messed up by the CODE) adds authentication (only Basic scheme) handling to the 'open' method of HTTPStreamFactory: